Analyzing HtTPS encrypted traffic to identify user's operating system, browser and application

Jonathan Muehlstein, Yehonatan Zion, Maor Bahumi, Itay Kirshenboim, Ran Dubin, Amit Dvir, Ofir Pele

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

45 Scopus citations

Abstract

Desktops and laptops can be maliciously exploited to violate privacy. There are two main types of attack scenarios: active and passive. In this paper, we consider the passive scenario where the adversary does not interact actively with the device, but he is able to eavesdrop on the network traffic of the device from the network side. Most of the internet traffic is encrypted and thus passive attacks are challenging. In this paper, we show that an external attacker can identify the operating system, browser and application of HTTP encrypted traffic (HTTPS). To the best of our knowledge, this is the first work that shows this. We provide a large data set of more than 20000 examples for this task. Additionally, we suggest new features for this task. We run a through a set of experiments, which shows that our classification accuracy is 96.06%.

Original languageEnglish
Title of host publication2017 14th IEEE Annual Consumer Communications and Networking Conference, CCNC 2017
PublisherInstitute of Electrical and Electronics Engineers Inc.
ISBN (Electronic)9781509061969
DOIs
StatePublished - 17 Jul 2017
Event14th IEEE Annual Consumer Communications and Networking Conference, CCNC 2017 - Las Vegas, United States
Duration: 8 Jan 201711 Jan 2017

Publication series

Name2017 14th IEEE Annual Consumer Communications and Networking Conference, CCNC 2017
Volume2017-January

Conference

Conference14th IEEE Annual Consumer Communications and Networking Conference, CCNC 2017
Country/TerritoryUnited States
CityLas Vegas
Period8/01/1711/01/17

Keywords

  • Application
  • Browser
  • Encrypted traffic
  • HTTPS
  • Operating system

Fingerprint

Dive into the research topics of 'Analyzing HtTPS encrypted traffic to identify user's operating system, browser and application'. Together they form a unique fingerprint.

Cite this